Hi All,
Looking at the “how streamms are processed internally” section at http://docs.graylog.org/en/2.3/pages/streams.html
It states that the stream-id is assigned as the log source enter graylog.
Say I have the following windows log sources
application
security
system
Therefore, it should not be possible to create the streams detailed below as there is only one stream id per log entry.
stream 1 - A message must match at least one of the following rules
channel = security
channel = system
stream 2 - A message must match at least one of the following rules
channel = security
channel = application
Am I correct in my understanding or can log sources have multiple steam_ids?
Cheers
Jake